The What They Know Series

The Wall Street Journal’s What They Know series, created and led by reporter Julia Angwin, documents new, cutting edge uses of tracking technology and analyzes what the rise of ubiquitous surveillance means for consumers and society. The series has been ongoing since 2010 and has involved traditional reporting as well as detailed research by technologists.

In the course of reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I interviewed filmmaker Laura Poitras about her relationship with Binney and how it led to her meeting Edward Snowden. Here is a transcript of our exchange:

Q: What sparked your first interest in Bill Binney?

A: I first learned about Bill in 2011 from Jane Mayer’s New Yorker story on NSA whistleblower Thomas Drake. The article focused on the government’s effort to prosecute Tom under the Espionage Act. In the article, Bill went on the record for the first time in order to defend Tom. He said something that really struck me – he wanted to apologize to the American people for helping build tools now being used to spy on them.

I got Bill’s phone number after reading the article, but it took me a few days to call him. I knew I couldn’t call a former top level NSA crypto-mathematician turned whistleblower without flipping a switch. When I finally called, Bill said something like: “Yes, I’ll speak to you. I’m sick and tired of my government breaking the law and harassing me.”

I imagine that conversation is sitting in a data repository somewhere.

Q: At the time that you reached out to Bill, it was difficult to substantiate the allegations he was making. What made him credible to you?

A: There was no question about Bill’s position in the NSA. By all accounts, he was a legendary mathematician. His eyewitness account of what happened after 9/11 is very compelling and supported by other reports.

I met Bill on the eve of Tom’s trial in 2011. Bill was eager to testify in Tom’s defense because he wanted to be placed under oath and tell the court what he knew about STELLARWIND – NSA’s post 9/11 domestic spying program. Bill didn’t get the opportunity to testify because the government reduced the charges against Tom from espionage (and 35 years in prison), to a misdemeanor.

I think Bill is still hoping to testify under oath someday.

Q: You published your op-doc about Binney “The Program” on August 22, 2012. What prompted you to break off the piece about Binney and publish it prior to your film being completed?

A: I decided to make “The Program” for a couple reasons: First, Bill’s health was bad and I didn’t know how long he’d be with us. He had taken so many risks to speak out that I felt an urgency to make public his warnings. Second, the FISA Amendments Acts (FAA), was up for renewal in December 2012, and there was little public debate or interest about the bill and its renewal. For these two reasons, I felt the story couldn’t wait for me to finish the longer film, so I approached the NYT to make the short op-doc.

Q: Is it correct that Edward Snowden reached out to you because of the Binney documentary?

A: I can’t speak for Snowden’s decision-making process, but he did tell me he learned of my interest in NSA surveillance from the op-doc I made about Bill.

While reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I posed some questions to Edward Snowden. Here is our exchange, which was fielded by his legal counsel, Ben Wizner at the ACLU:

Q: In a June Q&A with the Guardian, you were asked about the treatment of Binney and Drake, and you replied “these draconian responses simply build better whistleblowers.” Can you elaborate on what you learned from the treatment of Binney and how it has informed your actions?

Snowden: I have tremendous respect for Binney, who did everything he could according to the rules. We all owe him a debt of gratitude for highlighting how the Intelligence Community punishes reporting abuses within the system. If you stay quiet and keep your eyes forward, you’ll be taken care of, even if you lie to Congress. If you buck the system, you find armed agents in your bathroom.

Q: One of the points that Binney makes is that not only is dragnet surveillance harmful to civil liberties, but it also overwhelms the NSA analysts who have to sift through it, weakening our intelligence apparatus. Do you agree with that argument?

Snowden: I do. Mass surveillance causes us to miss events like the Boston Bombings because analysts are distracted by low-effort analysis of endless and unfocused chatter rather than the focused, targeted investigation of things like tipoffs from partners. When your working process every morning starts with poking around a haystack of 7 billion innocent lives, you’re going to miss things like that. We’re blinding our people with data we don’t need and it puts us at risk.

LAUSANNE, Switzerland— William Binney, creator of some of the computer code used by the National Security Agency to snoop on Internet traffic around the world, delivered an unusual message here in September to an audience worried that the spy agency knows too much.

It knows so much, he said, that it can’t understand what it has.

“What they are doing is making themselves dysfunctional by taking all this data,” Mr. Binney said at a privacy conference here.

The agency is drowning in useless data, which harms its ability to conduct legitimate surveillance, claims Mr. Binney, who rose to the civilian equivalent of a general during more than 30 years at the NSA before retiring in 2001. Analysts are swamped with so much information that they can’t do their jobs effectively, and the enormous stockpile is an irresistible temptation for misuse.

Mr. Binney’s warning has gotten far less attention than legal questions raised by leaks from former NSA contractor Edward Snowden about the agency’s mass collection of information around the world. Those revelations unleashed a re-examination of the spy agency’s aggressive tactics.

Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime.

Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens-even people suspected of no crime.

Not everyone was on board. “This is a sea change in the way that the government interacts with the general public,” Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, argued in the meeting, according to people familiar with the discussions.

A week later, the attorney general signed the changes into effect.

Through Freedom of Information Act requests and interviews with officials at numerous agencies, The Wall Street Journal has reconstructed the clash over the counterterrorism program within the administration of President Barack Obama. The debate was a confrontation between some who viewed it as a matter of efficiency—how long to keep data, for instance, or where it should be stored—and others who saw it as granting authority for unprecedented government surveillance of U.S. citizens.

For more than two years, the police in San Leandro, Calif., photographed Mike Katz-Lacabe’s Toyota Tercel almost weekly. They have shots of it cruising along Estudillo Avenue near the library, parked at his friend’s house and near a coffee shop he likes. In one case, they snapped a photo of him and his two daughters getting out of a car in his driveway.

Mr. Katz-Lacabe isn’t charged with, or suspected of, any crime. Local police are tracking his vehicle automatically, using cameras mounted on a patrol car that record every nearby vehicle—license plate, time and location.

“Why are they keeping all this data?” says Mr. Katz-Lacabe, who obtained the photos of his car through a public-records request. “I’ve done nothing wrong.”

Until recently it was far too expensive for police to track the locations of innocent people such as Mr. Katz-Lacabe. But as surveillance technologies decline in cost and grow in sophistication, police are rapidly adopting them. Private companies are joining, too. At least two start-up companies, both founded by “repo men”—specialists in repossessing cars or property from deadbeats—are currently deploying camera-equipped cars nationwide to photograph people’s license plates, hoping to profit from the data they collect.

The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception. Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored in vast databases.

The Wall Street Journal analyzed 100 of the most used applications that connect to Facebook’s social-networking platform to see what data they sought from people. The Journal also tested its own Facebook app, WSJ Social. See the apps tested by the Journal, along with the permissions they ask users to grant them.

Many popular Facebook apps are obtaining sensitive information about users—and users’ friends—so don’t be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places.

A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends

The Wall Street Journal, Page W1

Not so long ago, there was a familiar product called software. It was sold in stores, in shrink-wrapped boxes. When you bought it, all that you gave away was your credit card number or a stack of bills.

Now there are “apps”—stylish, discrete chunks of software that live online or in your smartphone. To “buy” an app, all you have to do is click a button. Sometimes they cost a few dollars, but many apps are free, at least in monetary terms. You often pay in another way. Apps are gateways, and when you buy an app, there is a strong chance that you are supplying its developers with one of the most coveted commodities in today’s economy: personal data.

Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

The Surveillance Catalog allows readers to peruse secret marketing materials published by companies that make tracking equipment.

Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.

The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and “massive intercept” gear that can gather all Internet communications in a country.

State and federal authorities follow the movements of thousands of Americans each year by secretly monitoring the location of their cellphones, often with little judicial oversight, in a practice facing legal challenges.

Electronic tracking, used by police to investigate such crimes as drug dealing and murder, has become as routine as “looking for fingerprint evidence or DNA evidence,” said Gregg Rossman, a prosecutor in Broward County, Fla.

The use of cellphone tracking by authorities is among the most common types of electronic surveillance, exceeding wiretaps and the use of GPS tracking, according to a survey of local, state and federal authorities by The Wall Street Journal.

The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.

Major websites such as MSN.com and Hulu.com have been tracking people’s online activities using powerful new methods that are almost impossible for computer users to detect, new research shows.

The new techniques, which are legal, reach beyond the traditional “cookie,” a small file that websites routinely install on users’ computers to help track their activities online. Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies, according to researchers at Stanford University and University of California at Berkeley.

With this device, made by BI2 Technologies, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away.

Dozens of law-enforcement agencies from Massachusetts to Arizona are preparing to outfit their forces with controversial hand-held facial-recognition devices as soon as September, raising significant questions about privacy and civil liberties.

With the device, which attaches to an iPhone, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away, and do an immediate search to see if there is a match with a database of people with criminal records. The gadget also collects fingerprints.

As the surreptitious tracking of Internet users becomes more aggressive and widespread, tiny start-ups and technology giants alike are pushing a new product: privacy.

Companies including Microsoft Corp., McAfee Inc.—and even some online-tracking companies themselves—are rolling out new ways to protect users from having their movements monitored online. Some are going further and starting to pay people a commission every time their personal details are used by marketing companies.

Companies are developing digital fingerprint technology to identify how we use our computers, mobile devices and TV set-top boxes. WSJ’s Simon Constable talks to Julia Angwin about the next generation of tracking tools.

IRVINE, Calif.—David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world.

He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.

Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities.

At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves.

It was a break-in. A new member of the site, using sophisticated software, was “scraping,” or copying, every single message off PatientsLikeMe’s private online forums.

New York ad company [x+1] made predictions about users based on just one click on a website. This interactive shows the company’s assumptions about users and how they affected what credit cards were shown.

You may not know a company called [x+1] Inc., but it may well know a lot about you.

From a single click on a web site, [x+1] correctly identified Carrie Isaac as a young Colorado Springs parent who lives on about $50,000 a year, shops at Wal-Mart and rents kids’ videos. The company deduced that Paul Boulifard, a Nashville architect, is childless, likes to travel and buys used cars. And [x+1] determined that Thomas Burney, a Colorado building contractor, is a skier with a college degree and looks like he has good credit.

The company didn’t get every detail correct. But its ability to make snap assessments of individuals is accurate enough that Capital One Financial Corp. uses [x+1]’s calculations to instantly decide which credit cards to show first-time visitors to its website.

The largest U.S. websites are installing new and intrusive consumer-tracking technologies on the computers of people visiting their sites—in some cases, more than 100 tracking tools at a time—a Wall Street Journal investigation has found.

The tracking files represent the leading edge of a lightly regulated, emerging industry of data-gatherers who are in effect establishing a new business model for the Internet: one based on intensive surveillance of people to sell data about, and predictions of, their interests and activities, in real time.

A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series.

The Wall Street Journal, Page W1

Ashley Hayes-Beaty

Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.

The file consists of a single code— 4c812db292272995-e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn. The code knows that her favorite movies include “The Princess Bride,” “50 First Dates” and “10 Things I Hate About You.” It knows she enjoys the “Sex and the City” series. It knows she browses entertainment news and likes to take quizzes.